From 2ab957492d13bb819400ac29ae55911d50a82a13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20P=C3=B6hn?= Date: Mon, 20 Apr 2015 09:19:20 +0200 Subject: ip_forward: Drop frames with attached skb->sk Initial discussion was: [FYI] xfrm: Don't lookup sk_policy for timewait sockets Forwarded frames should not have a socket attached. Especially tw sockets will lead to panics later-on in the stack. This was observed with TPROXY assigning a tw socket and broken policy routing (misconfigured). As a result frame enters forwarding path instead of input. We cannot solve this in TPROXY as it cannot know that policy routing is broken. v2: Remove useless comment Signed-off-by: Sebastian Poehn Signed-off-by: David S. Miller diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index 939992c..3674484 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c @@ -82,6 +82,9 @@ int ip_forward(struct sk_buff *skb) if (skb->pkt_type != PACKET_HOST) goto drop; + if (unlikely(skb->sk)) + goto drop; + if (skb_warn_if_lro(skb)) goto drop; -- cgit v0.10.2 From a068833bbf0ede9203410f8fd186178c758ade9b Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Mon, 20 Apr 2015 21:07:48 +0200 Subject: pppoe: Lacks DST MAC address check A pppoe session is identified by its session ID and MAC address. Currently pppoe does not check if the received pkg has the correct MAC address. This is a problem when the eth I/F is in promisc mode as then any DST MAC address is accepted. Signed-off-by: Joakim Tjernlund Signed-off-by: David S. Miller diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c index ff059e1..aa1dd92 100644 --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c @@ -380,6 +380,9 @@ static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb) * can't change. */ + if (skb->pkt_type == PACKET_OTHERHOST) + goto abort_kfree; + if (sk->sk_state & PPPOX_BOUND) { ppp_input(&po->chan, skb); } else if (sk->sk_state & PPPOX_RELAY) { -- cgit v0.10.2 From 4e18b9adf2f910ec4d30b811a74a5b626e6c6125 Mon Sep 17 00:00:00 2001 From: Tom Herbert Date: Mon, 20 Apr 2015 14:10:04 -0700 Subject: net: add skb_checksum_complete_unset This function changes ip_summed to CHECKSUM_NONE if CHECKSUM_COMPLETE is set. This is called to discard checksum-complete when packet is being modified and checksum is not pulled for headers in a layer. Signed-off-by: Tom Herbert Signed-off-by: David S. Miller diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 0991259..06793b5 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -3016,6 +3016,18 @@ static inline bool __skb_checksum_validate_needed(struct sk_buff *skb, */ #define CHECKSUM_BREAK 76 +/* Unset checksum-complete + * + * Unset checksum complete can be done when packet is being modified + * (uncompressed for instance) and checksum-complete value is + * invalidated. + */ +static inline void skb_checksum_complete_unset(struct sk_buff *skb) +{ + if (skb->ip_summed == CHECKSUM_COMPLETE) + skb->ip_summed = CHECKSUM_NONE; +} + /* Validate (init) checksum based on checksum complete. * * Return values: -- cgit v0.10.2 From 3dfb05340ec6676e6fc71a9ae87bbbe66d3c2998 Mon Sep 17 00:00:00 2001 From: Tom Herbert Date: Mon, 20 Apr 2015 14:10:05 -0700 Subject: ppp: call skb_checksum_complete_unset in ppp_receive_frame Call checksum_complete_unset in PPP receive to discard checksum-complete value. PPP does not pull checksum for headers and also modifies packet as in VJ compression. Signed-off-by: Tom Herbert Signed-off-by: David S. Miller diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index af034db..9d15566 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -1716,6 +1716,7 @@ ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch) { /* note: a 0-length skb is used as an error indication */ if (skb->len > 0) { + skb_checksum_complete_unset(skb); #ifdef CONFIG_PPP_MULTILINK /* XXX do channel-level decompression here */ if (PPP_PROTO(skb) == PPP_MP) -- cgit v0.10.2 From 614f03fc6a897d212546a93f50d449409215dfd4 Mon Sep 17 00:00:00 2001 From: Vivien Didelot Date: Mon, 20 Apr 2015 17:19:23 -0400 Subject: net: dsa: mv88e6xxx: fix setup of port control 1 mv88e6xxx_setup_port_common was writing to PORT_DEFAULT_VLAN (port offset 0x07) instead of PORT_CONTROL_1 (port offset 0x05). Fixes: cca8b1337541 ("net: dsa: Use mnemonics rather than register numbers") Signed-off-by: Vivien Didelot Acked-by: Andrew Lunn Signed-off-by: David S. Miller diff --git a/drivers/net/dsa/mv88e6xxx.c b/drivers/net/dsa/mv88e6xxx.c index 9f0c2b9..48712bd 100644 --- a/drivers/net/dsa/mv88e6xxx.c +++ b/drivers/net/dsa/mv88e6xxx.c @@ -1251,8 +1251,7 @@ int mv88e6xxx_setup_port_common(struct dsa_switch *ds, int port) /* Port Control 1: disable trunking, disable sending * learning messages to this port. */ - ret = _mv88e6xxx_reg_write(ds, REG_PORT(port), PORT_DEFAULT_VLAN, - 0x0000); + ret = _mv88e6xxx_reg_write(ds, REG_PORT(port), PORT_CONTROL_1, 0x0000); if (ret) goto abort; -- cgit v0.10.2 From 47cf1e659e0f44c29788a96345862c44c6a48c89 Mon Sep 17 00:00:00 2001 From: Vivien Didelot Date: Mon, 20 Apr 2015 17:43:26 -0400 Subject: net: dsa: mv88e6xxx: use PORT_DEFAULT_VLAN Minor, use the explicit PORT_DEFAULT_VLAN define instead of 0x07. Signed-off-by: Vivien Didelot Acked-by: Andrew Lunn Signed-off-by: David S. Miller diff --git a/drivers/net/dsa/mv88e6xxx.c b/drivers/net/dsa/mv88e6xxx.c index 48712bd..af639ab 100644 --- a/drivers/net/dsa/mv88e6xxx.c +++ b/drivers/net/dsa/mv88e6xxx.c @@ -1274,7 +1274,8 @@ int mv88e6xxx_setup_port_common(struct dsa_switch *ds, int port) /* Default VLAN ID and priority: don't set a default VLAN * ID, and set the default packet priority to zero. */ - ret = _mv88e6xxx_reg_write(ds, REG_PORT(port), 0x07, 0x0000); + ret = _mv88e6xxx_reg_write(ds, REG_PORT(port), PORT_DEFAULT_VLAN, + 0x0000); abort: mutex_unlock(&ps->smi_mutex); return ret; -- cgit v0.10.2 From 71cd26e76a9514715df7880db0a8f7c37c17149a Mon Sep 17 00:00:00 2001 From: Andreas Oetken Date: Tue, 21 Apr 2015 00:16:38 +0200 Subject: altera tse: Error-Bit on tx-avalon-stream always set. The Error-Bit on the avalon streaming interface of the tx-dma-channel was always set. In SGMII configurations this leads to error-symbols on the PCS and packet-rejection on the receiver side (e.g. SGMII/1000Base-X connected switch). This only applies to the tse-configuration with MSGDMA. This issue was detected and fixed on a custom board with a direct connection to a Marvell switch in SGMII-PHY-Mode. (incl. custom patches for SGMII-PCS). According to the datasheet if ff_tx_err (avalon-streaming) is set it is forwarded to gm_tx_err. As a result the PCS is forwarding the error by sending a "/V/"-caracter. Signed-off-by: Andreas Oetken Signed-off-by: David S. Miller diff --git a/drivers/net/ethernet/altera/altera_msgdmahw.h b/drivers/net/ethernet/altera/altera_msgdmahw.h index e335626..eba070f 100644 --- a/drivers/net/ethernet/altera/altera_msgdmahw.h +++ b/drivers/net/ethernet/altera/altera_msgdmahw.h @@ -72,7 +72,6 @@ struct msgdma_extended_desc { #define MSGDMA_DESC_CTL_TX_SINGLE (MSGDMA_DESC_CTL_GEN_SOP | \ MSGDMA_DESC_CTL_GEN_EOP | \ MSGDMA_DESC_CTL_TR_COMP_IRQ | \ - MSGDMA_DESC_CTL_TR_ERR_IRQ | \ MSGDMA_DESC_CTL_GO) #define MSGDMA_DESC_CTL_RX_SINGLE (MSGDMA_DESC_CTL_END_ON_EOP | \ -- cgit v0.10.2 From 3c7151275c0c9a80c3375f9874b1c7129a105eea Mon Sep 17 00:00:00 2001 From: "jbaron@akamai.com" Date: Mon, 20 Apr 2015 20:05:07 +0000 Subject: tcp: add memory barriers to write space paths Ensure that we either see that the buffer has write space in tcp_poll() or that we perform a wakeup from the input side. Did not run into any actual problem here, but thought that we should make things explicit. Signed-off-by: Jason Baron Signed-off-by: David S. Miller diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 59c8a02..8c5cd9e 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -520,8 +520,10 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait) /* Race breaker. If space is freed after * wspace test but before the flags are set, - * IO signal will be lost. + * IO signal will be lost. Memory barrier + * pairs with the input side. */ + smp_mb__after_atomic(); if (sk_stream_is_writeable(sk)) mask |= POLLOUT | POLLWRNORM; } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index a7ef679..3a4d9b34 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4845,6 +4845,8 @@ static void tcp_check_space(struct sock *sk) { if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) { sock_reset_flag(sk, SOCK_QUEUE_SHRUNK); + /* pairs with tcp_poll() */ + smp_mb__after_atomic(); if (sk->sk_socket && test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) tcp_new_space(sk); -- cgit v0.10.2 From fab9adfb71fc8690e20c3c280d39d49c8f4a3f0a Mon Sep 17 00:00:00 2001 From: Eran Ben Elisha Date: Tue, 21 Apr 2015 15:46:34 +0300 Subject: net/mlx4_core: Fix reading HCA max message size in mlx4_QUERY_DEV_CAP Currently we parse max_msg_sz from the wrong offset in QUERY_DEV_CAP, fix to use the right offset. Fixes: 0b131561a7d6 ('net/mlx4_en: Add Flow control statistics [..]') Signed-off-by: Eran Ben Elisha Signed-off-by: Or Gerlitz Signed-off-by: David S. Miller diff --git a/drivers/net/ethernet/mellanox/mlx4/fw.c b/drivers/net/ethernet/mellanox/mlx4/fw.c index b9881fc..a407981 100644 --- a/drivers/net/ethernet/mellanox/mlx4/fw.c +++ b/drivers/net/ethernet/mellanox/mlx4/fw.c @@ -781,10 +781,10 @@ int mlx4_QUERY_DEV_CAP(struct mlx4_dev *dev, struct mlx4_dev_cap *dev_cap) MLX4_GET(field, outbox, QUERY_DEV_CAP_VL_PORT_OFFSET); dev_cap->num_ports = field & 0xf; MLX4_GET(field, outbox, QUERY_DEV_CAP_MAX_MSG_SZ_OFFSET); + dev_cap->max_msg_sz = 1 << (field & 0x1f); MLX4_GET(field, outbox, QUERY_DEV_CAP_PORT_FLOWSTATS_COUNTERS_OFFSET); if (field & 0x10) dev_cap->flags2 |= MLX4_DEV_CAP_FLAG2_FLOWSTATS_EN; - dev_cap->max_msg_sz = 1 << (field & 0x1f); MLX4_GET(field, outbox, QUERY_DEV_CAP_FLOW_STEERING_RANGE_EN_OFFSET); if (field & 0x80) dev_cap->flags2 |= MLX4_DEV_CAP_FLAG2_FS_EN; -- cgit v0.10.2